ocpp-ws-io 2.1.3 → 2.1.5

package/dist/{index-BixJj_yJ.d.mts → index-1QBeqAuc.d.mts}

@@ -4486,6 +4486,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     private _badMessageCount;
     private _lastActivity;
     private _outboundBuffer;
+    private _offlineQueue;
     private _middleware;
     private _validators;
     private _strictProtocols;
@@ -4557,7 +4558,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this version and method is already registered on this client instance.
      */
-    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>>): void;
+    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension protocol/method not in the typed OCPP method maps.
      * `handle("my-protocol", "my-method", handler)`
@@ -4573,7 +4574,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this method is already registered on this client instance.
      */
-    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>>): void;
+    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension method not in the typed OCPP method maps.
      *
@@ -4653,6 +4654,26 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     /** Errors that should stop reconnection immediately */
     private static readonly _INTOLERABLE_ERRORS;
     private _scheduleReconnect;
+    /**
+     * Atomically drains the offline queue and sends each message via _sendCall.
+     * Uses splice(0) to prevent re-entry bugs (double billing) if the connection
+     * drops again mid-flush — the queue is empty before any sends begin.
+     */
+    private _flushOfflineQueue;
+    /**
+     * Retry wrapper using Full Jitter exponential backoff.
+     * delay = random(0, min(retryMaxDelayMs, retryDelayMs * 2^attempt))
+     * Only retries on TimeoutError — all other errors propagate immediately.
+     */
+    private _callWithRetry;
+    /** Maximum bytes allowed in the ws send buffer before applying backpressure (512KB) */
+    private static readonly _BACKPRESSURE_THRESHOLD;
+    /**
+     * Wraps ws.send() with backpressure protection.
+     * If bufferedAmount exceeds the threshold, waits for the buffer to drain
+     * before sending. Prevents OOM on slow 2G/3G charger connections.
+     */
+    private _safeSend;
     private _startPing;
     private _stopPing;
     private _recordActivity;
@@ -4719,6 +4740,9 @@ interface ValidatorSchema {
 /**
  * Schema validator using AJV for OCPP message validation.
  * Each validator is bound to a specific subprotocol version.
+ *
+ * E2: Schemas are registered at construction time but compiled lazily
+ * on first use, reducing startup time from ~400ms to ~5ms.
  */
 declare class Validator {
     readonly subprotocol: string;
@@ -4732,6 +4756,8 @@ declare class Validator {
     /**
      * Validate a payload against a schema identified by its $id.
      * Throws a typed RPCError if validation fails.
+     *
+     * E2: Schema is compiled on first call to this method (lazy).
      */
     validate(schemaId: string, params: unknown): void;
     /**
@@ -4740,7 +4766,9 @@ declare class Validator {
     hasSchema(schemaId: string): boolean;
 }
 /**
- * Create a validator for a specific subprotocol version.
+ * Create or retrieve a cached validator for a specific subprotocol version.
+ * E5: Returns an existing instance if one was already created for this subprotocol,
+ * preventing duplicate AJV instances and saving memory.
  */
 declare function createValidator(subprotocol: string, schemas: ValidatorSchema[]): Validator;
 
@@ -4829,6 +4857,22 @@ interface CallOptions {
     timeoutMs?: number;
     /** Abort signal */
     signal?: AbortSignal;
+    /**
+     * Max retry attempts on TimeoutError (default: 0 = no retry).
+     * Uses Full Jitter exponential backoff between retries.
+     */
+    retries?: number;
+    /** Base delay in ms for exponential backoff between retries (default: 1000) */
+    retryDelayMs?: number;
+    /** Max delay cap in ms to prevent unbounded backoff (default: 30000) */
+    retryMaxDelayMs?: number;
+    /**
+     * Idempotency key for deduplication. If provided, this value is used
+     * as the OCPP messageId instead of generating a new random one.
+     * Consumers can use the same key to guarantee exactly-once semantics
+     * when retrying calls across reconnections.
+     */
+    idempotencyKey?: string;
 }
 interface CloseOptions {
     /** WebSocket close code (default: 1000) */
@@ -5014,6 +5058,16 @@ interface ClientOptions {
     logging?: LoggingConfig | false;
     /** Rate Limiting configuration (Token Bucket) */
     rateLimit?: RateLimitOptions;
+    /**
+     * If true, calls made while disconnected are queued in-memory
+     * and flushed automatically on reconnect. (default: false)
+     */
+    offlineQueue?: boolean;
+    /**
+     * Maximum number of messages to queue while offline.
+     * Oldest messages are dropped when exceeded. (default: 100)
+     */
+    offlineQueueMaxSize?: number;
 }
 interface RateLimitOptions {
     /** Maximum number of messages allowed within the window */
@@ -5109,6 +5163,36 @@ interface ServerOptions {
      * - `LoggingConfig` → custom configuration
      */
     logging?: LoggingConfig | false;
+    /**
+     * Connection-level rate limiting (per-IP) applied at the HTTP upgrade boundary,
+     * before any auth, TLS or JSON parsing occurs — blocks DDoS connection floods in ~1µs.
+     * - `limit`: Max upgrade requests per IP within `windowMs` (default: 20)
+     * - `windowMs`: Sliding window in ms (default: 10000)
+     */
+    connectionRateLimit?: {
+        limit: number;
+        windowMs: number;
+    };
+    /**
+     * Maximum number of inactive sessions to retain in the bounded LRU cache.
+     * Prevents OOM under DDoS or reconnection storms with transient identities.
+     * (default: 50000)
+     */
+    maxSessions?: number;
+    /**
+     * Enable the built-in HTTP health/metrics endpoint.
+     * When enabled, non-upgrade HTTP requests to `/health` return a JSON health check,
+     * and requests to `/metrics` return Prometheus-compatible text metrics.
+     * (default: false)
+     */
+    healthEndpoint?: boolean;
+    /**
+     * I1: Maximum WebSocket payload size in bytes. Messages exceeding this limit
+     * are rejected at the transport layer before JSON parsing, preventing OOM
+     * from oversized or malicious payloads.
+     * (default: 65536 / 64KB — sufficient for any standard OCPP message)
+     */
+    maxPayloadBytes?: number;
 }
 interface OCPPServerStats {
     /** Number of currently connected WebSockets */
@@ -5182,6 +5266,22 @@ interface ClientEvents {
     }];
 }
 
+/**
+ * I3: Structured security event for SIEM integration.
+ * Emitted by the server for audit-relevant actions.
+ */
+interface SecurityEvent {
+    /** Event type identifier */
+    type: "AUTH_FAILED" | "RATE_LIMIT_EXCEEDED" | "UPGRADE_ABORTED" | "CONNECTION_RATE_LIMIT" | "INVALID_PAYLOAD";
+    /** Station identity (if known) */
+    identity?: string;
+    /** Remote IP address */
+    ip?: string;
+    /** ISO 8601 timestamp */
+    timestamp: string;
+    /** Event-specific details */
+    details?: Record<string, unknown>;
+}
 interface ServerEvents {
     client: [OCPPServerClient];
     error: [Error];
@@ -5199,6 +5299,8 @@ interface ServerEvents {
     ];
     closing: [];
     close: [];
+    /** I3: Structured security event for SIEM/audit pipelines */
+    securityEvent: [SecurityEvent];
     connection: [
         socket: WebSocket.WebSocket,
         request: node_http.IncomingMessage
@@ -5219,6 +5321,15 @@ interface EventAdapterInterface {
     getPresence?(identity: string): Promise<string | null>;
     getPresenceBatch?(identities: string[]): Promise<(string | null)[]>;
     removePresence?(identity: string): Promise<void>;
+    /**
+     * Batch set multiple presence entries in a single pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch?(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
     metrics?(): Promise<Record<string, unknown>>;
 }
 declare const NOREPLY: unique symbol;
@@ -5287,6 +5398,16 @@ interface RedisAdapterOptions {
     prefix?: string;
     /** StreamMaxLen for trimming (default: 1000) */
     streamMaxLen?: number;
+    /**
+     * TTL in seconds for ephemeral stream keys (default: 300).
+     * Prevents abandoned channel keys from leaking memory in Redis.
+     */
+    streamTtlSeconds?: number;
+    /**
+     * Presence TTL in seconds (default: 300).
+     * Used for batch presence heartbeat pipeline.
+     */
+    presenceTtlSeconds?: number;
 }
 /**
  * Redis adapter for cross-process event distribution.
@@ -5298,11 +5419,17 @@ declare class RedisAdapter implements EventAdapterInterface {
     private _driver;
     private _prefix;
     private _streamMaxLen;
+    private _streamTtlSeconds;
+    private _presenceTtlSeconds;
     private _handlers;
     private _streamOffsets;
     private _streams;
     private _polling;
     private _closed;
+    private _sequenceCounters;
+    private _unsubError?;
+    private _unsubReconnect?;
+    private _presenceCache;
     constructor(options: RedisAdapterOptions);
     publish(channel: string, data: unknown): Promise<void>;
     publishBatch(messages: {
@@ -5320,6 +5447,20 @@ declare class RedisAdapter implements EventAdapterInterface {
     getPresenceBatch(identities: string[]): Promise<(string | null)[]>;
     removePresence(identity: string): Promise<void>;
     metrics(): Promise<Record<string, unknown>>;
+    /**
+     * Set multiple presence entries in a single Redis pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
+    /**
+     * Re-syncs all cached presence entries to Redis after a reconnection.
+     * Called automatically when the Redis client reconnects.
+     */
+    private _rehydratePresence;
 }
 
-export { createValidator as $, type AuthCallback as A, type OCPP16Methods as B, type ConnectionMiddleware as C, type OCPP201Methods as D, type EventAdapterInterface as E, type OCPP21Methods as F, type OCPPCall as G, type HandlerContext as H, type OCPPCallError as I, type OCPPCallResult as J, OCPPClient as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, type OCPPMessage as P, type OCPPMethodMap as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPProtocolKey as U, Validator as V, RedisAdapter as W, SecurityProfile as X, type SessionData as Y, type TLSOptions as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type CloseOptions as n, type CallOptions as o, type AnyOCPPProtocol as p, type AuthAccept as q, type CallHandler as r, type ClientEvents as s, type ClientOptions as t, type ConnectionContext as u, ConnectionState as v, type HandshakeInfo as w, MessageType as x, type MiddlewareNext as y, MiddlewareStack as z };
+export { createValidator as $, type AuthCallback as A, MiddlewareStack as B, type ConnectionMiddleware as C, type OCPP16Methods as D, type EventAdapterInterface as E, type OCPP201Methods as F, type OCPP21Methods as G, type HandlerContext as H, type OCPPCall as I, type OCPPCallError as J, type OCPPCallResult as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, OCPPClient as P, type OCPPMessage as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPMethodMap as U, Validator as V, type OCPPProtocolKey as W, RedisAdapter as X, SecurityProfile as Y, type SessionData as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type TLSOptions as n, type CloseOptions as o, type CallOptions as p, type AnyOCPPProtocol as q, type AuthAccept as r, type CallHandler as s, type ClientEvents as t, type ClientOptions as u, type ConnectionContext as v, ConnectionState as w, type HandshakeInfo as x, MessageType as y, type MiddlewareNext as z };

package/dist/{index-BixJj_yJ.d.ts → index-1QBeqAuc.d.ts}

@@ -4486,6 +4486,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     private _badMessageCount;
     private _lastActivity;
     private _outboundBuffer;
+    private _offlineQueue;
     private _middleware;
     private _validators;
     private _strictProtocols;
@@ -4557,7 +4558,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this version and method is already registered on this client instance.
      */
-    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>>): void;
+    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension protocol/method not in the typed OCPP method maps.
      * `handle("my-protocol", "my-method", handler)`
@@ -4573,7 +4574,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this method is already registered on this client instance.
      */
-    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>>): void;
+    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension method not in the typed OCPP method maps.
      *
@@ -4653,6 +4654,26 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     /** Errors that should stop reconnection immediately */
     private static readonly _INTOLERABLE_ERRORS;
     private _scheduleReconnect;
+    /**
+     * Atomically drains the offline queue and sends each message via _sendCall.
+     * Uses splice(0) to prevent re-entry bugs (double billing) if the connection
+     * drops again mid-flush — the queue is empty before any sends begin.
+     */
+    private _flushOfflineQueue;
+    /**
+     * Retry wrapper using Full Jitter exponential backoff.
+     * delay = random(0, min(retryMaxDelayMs, retryDelayMs * 2^attempt))
+     * Only retries on TimeoutError — all other errors propagate immediately.
+     */
+    private _callWithRetry;
+    /** Maximum bytes allowed in the ws send buffer before applying backpressure (512KB) */
+    private static readonly _BACKPRESSURE_THRESHOLD;
+    /**
+     * Wraps ws.send() with backpressure protection.
+     * If bufferedAmount exceeds the threshold, waits for the buffer to drain
+     * before sending. Prevents OOM on slow 2G/3G charger connections.
+     */
+    private _safeSend;
     private _startPing;
     private _stopPing;
     private _recordActivity;
@@ -4719,6 +4740,9 @@ interface ValidatorSchema {
 /**
  * Schema validator using AJV for OCPP message validation.
  * Each validator is bound to a specific subprotocol version.
+ *
+ * E2: Schemas are registered at construction time but compiled lazily
+ * on first use, reducing startup time from ~400ms to ~5ms.
  */
 declare class Validator {
     readonly subprotocol: string;
@@ -4732,6 +4756,8 @@ declare class Validator {
     /**
      * Validate a payload against a schema identified by its $id.
      * Throws a typed RPCError if validation fails.
+     *
+     * E2: Schema is compiled on first call to this method (lazy).
      */
     validate(schemaId: string, params: unknown): void;
     /**
@@ -4740,7 +4766,9 @@ declare class Validator {
     hasSchema(schemaId: string): boolean;
 }
 /**
- * Create a validator for a specific subprotocol version.
+ * Create or retrieve a cached validator for a specific subprotocol version.
+ * E5: Returns an existing instance if one was already created for this subprotocol,
+ * preventing duplicate AJV instances and saving memory.
  */
 declare function createValidator(subprotocol: string, schemas: ValidatorSchema[]): Validator;
 
@@ -4829,6 +4857,22 @@ interface CallOptions {
     timeoutMs?: number;
     /** Abort signal */
     signal?: AbortSignal;
+    /**
+     * Max retry attempts on TimeoutError (default: 0 = no retry).
+     * Uses Full Jitter exponential backoff between retries.
+     */
+    retries?: number;
+    /** Base delay in ms for exponential backoff between retries (default: 1000) */
+    retryDelayMs?: number;
+    /** Max delay cap in ms to prevent unbounded backoff (default: 30000) */
+    retryMaxDelayMs?: number;
+    /**
+     * Idempotency key for deduplication. If provided, this value is used
+     * as the OCPP messageId instead of generating a new random one.
+     * Consumers can use the same key to guarantee exactly-once semantics
+     * when retrying calls across reconnections.
+     */
+    idempotencyKey?: string;
 }
 interface CloseOptions {
     /** WebSocket close code (default: 1000) */
@@ -5014,6 +5058,16 @@ interface ClientOptions {
     logging?: LoggingConfig | false;
     /** Rate Limiting configuration (Token Bucket) */
     rateLimit?: RateLimitOptions;
+    /**
+     * If true, calls made while disconnected are queued in-memory
+     * and flushed automatically on reconnect. (default: false)
+     */
+    offlineQueue?: boolean;
+    /**
+     * Maximum number of messages to queue while offline.
+     * Oldest messages are dropped when exceeded. (default: 100)
+     */
+    offlineQueueMaxSize?: number;
 }
 interface RateLimitOptions {
     /** Maximum number of messages allowed within the window */
@@ -5109,6 +5163,36 @@ interface ServerOptions {
      * - `LoggingConfig` → custom configuration
      */
     logging?: LoggingConfig | false;
+    /**
+     * Connection-level rate limiting (per-IP) applied at the HTTP upgrade boundary,
+     * before any auth, TLS or JSON parsing occurs — blocks DDoS connection floods in ~1µs.
+     * - `limit`: Max upgrade requests per IP within `windowMs` (default: 20)
+     * - `windowMs`: Sliding window in ms (default: 10000)
+     */
+    connectionRateLimit?: {
+        limit: number;
+        windowMs: number;
+    };
+    /**
+     * Maximum number of inactive sessions to retain in the bounded LRU cache.
+     * Prevents OOM under DDoS or reconnection storms with transient identities.
+     * (default: 50000)
+     */
+    maxSessions?: number;
+    /**
+     * Enable the built-in HTTP health/metrics endpoint.
+     * When enabled, non-upgrade HTTP requests to `/health` return a JSON health check,
+     * and requests to `/metrics` return Prometheus-compatible text metrics.
+     * (default: false)
+     */
+    healthEndpoint?: boolean;
+    /**
+     * I1: Maximum WebSocket payload size in bytes. Messages exceeding this limit
+     * are rejected at the transport layer before JSON parsing, preventing OOM
+     * from oversized or malicious payloads.
+     * (default: 65536 / 64KB — sufficient for any standard OCPP message)
+     */
+    maxPayloadBytes?: number;
 }
 interface OCPPServerStats {
     /** Number of currently connected WebSockets */
@@ -5182,6 +5266,22 @@ interface ClientEvents {
     }];
 }
 
+/**
+ * I3: Structured security event for SIEM integration.
+ * Emitted by the server for audit-relevant actions.
+ */
+interface SecurityEvent {
+    /** Event type identifier */
+    type: "AUTH_FAILED" | "RATE_LIMIT_EXCEEDED" | "UPGRADE_ABORTED" | "CONNECTION_RATE_LIMIT" | "INVALID_PAYLOAD";
+    /** Station identity (if known) */
+    identity?: string;
+    /** Remote IP address */
+    ip?: string;
+    /** ISO 8601 timestamp */
+    timestamp: string;
+    /** Event-specific details */
+    details?: Record<string, unknown>;
+}
 interface ServerEvents {
     client: [OCPPServerClient];
     error: [Error];
@@ -5199,6 +5299,8 @@ interface ServerEvents {
     ];
     closing: [];
     close: [];
+    /** I3: Structured security event for SIEM/audit pipelines */
+    securityEvent: [SecurityEvent];
     connection: [
         socket: WebSocket.WebSocket,
         request: node_http.IncomingMessage
@@ -5219,6 +5321,15 @@ interface EventAdapterInterface {
     getPresence?(identity: string): Promise<string | null>;
     getPresenceBatch?(identities: string[]): Promise<(string | null)[]>;
     removePresence?(identity: string): Promise<void>;
+    /**
+     * Batch set multiple presence entries in a single pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch?(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
     metrics?(): Promise<Record<string, unknown>>;
 }
 declare const NOREPLY: unique symbol;
@@ -5287,6 +5398,16 @@ interface RedisAdapterOptions {
     prefix?: string;
     /** StreamMaxLen for trimming (default: 1000) */
     streamMaxLen?: number;
+    /**
+     * TTL in seconds for ephemeral stream keys (default: 300).
+     * Prevents abandoned channel keys from leaking memory in Redis.
+     */
+    streamTtlSeconds?: number;
+    /**
+     * Presence TTL in seconds (default: 300).
+     * Used for batch presence heartbeat pipeline.
+     */
+    presenceTtlSeconds?: number;
 }
 /**
  * Redis adapter for cross-process event distribution.
@@ -5298,11 +5419,17 @@ declare class RedisAdapter implements EventAdapterInterface {
     private _driver;
     private _prefix;
     private _streamMaxLen;
+    private _streamTtlSeconds;
+    private _presenceTtlSeconds;
     private _handlers;
     private _streamOffsets;
     private _streams;
     private _polling;
     private _closed;
+    private _sequenceCounters;
+    private _unsubError?;
+    private _unsubReconnect?;
+    private _presenceCache;
     constructor(options: RedisAdapterOptions);
     publish(channel: string, data: unknown): Promise<void>;
     publishBatch(messages: {
@@ -5320,6 +5447,20 @@ declare class RedisAdapter implements EventAdapterInterface {
     getPresenceBatch(identities: string[]): Promise<(string | null)[]>;
     removePresence(identity: string): Promise<void>;
     metrics(): Promise<Record<string, unknown>>;
+    /**
+     * Set multiple presence entries in a single Redis pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
+    /**
+     * Re-syncs all cached presence entries to Redis after a reconnection.
+     * Called automatically when the Redis client reconnects.
+     */
+    private _rehydratePresence;
 }
 
-export { createValidator as $, type AuthCallback as A, type OCPP16Methods as B, type ConnectionMiddleware as C, type OCPP201Methods as D, type EventAdapterInterface as E, type OCPP21Methods as F, type OCPPCall as G, type HandlerContext as H, type OCPPCallError as I, type OCPPCallResult as J, OCPPClient as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, type OCPPMessage as P, type OCPPMethodMap as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPProtocolKey as U, Validator as V, RedisAdapter as W, SecurityProfile as X, type SessionData as Y, type TLSOptions as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type CloseOptions as n, type CallOptions as o, type AnyOCPPProtocol as p, type AuthAccept as q, type CallHandler as r, type ClientEvents as s, type ClientOptions as t, type ConnectionContext as u, ConnectionState as v, type HandshakeInfo as w, MessageType as x, type MiddlewareNext as y, MiddlewareStack as z };
+export { createValidator as $, type AuthCallback as A, MiddlewareStack as B, type ConnectionMiddleware as C, type OCPP16Methods as D, type EventAdapterInterface as E, type OCPP201Methods as F, type OCPP21Methods as G, type HandlerContext as H, type OCPPCall as I, type OCPPCallError as J, type OCPPCallResult as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, OCPPClient as P, type OCPPMessage as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPMethodMap as U, Validator as V, type OCPPProtocolKey as W, RedisAdapter as X, SecurityProfile as Y, type SessionData as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type TLSOptions as n, type CloseOptions as o, type CallOptions as p, type AnyOCPPProtocol as q, type AuthAccept as r, type CallHandler as s, type ClientEvents as t, type ClientOptions as u, type ConnectionContext as v, ConnectionState as w, type HandshakeInfo as x, MessageType as y, type MiddlewareNext as z };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as CloseOptions, o as CallOptions, V as Validator } from './index-BixJj_yJ.mjs';
-export { p as AnyOCPPProtocol, q as AuthAccept, r as CallHandler, s as ClientEvents, t as ClientOptions, u as ConnectionContext, v as ConnectionState, H as HandlerContext, w as HandshakeInfo, x as MessageType, y as MiddlewareNext, z as MiddlewareStack, N as NOREPLY, B as OCPP16Methods, D as OCPP201Methods, F as OCPP21Methods, G as OCPPCall, I as OCPPCallError, J as OCPPCallResult, K as OCPPClient, P as OCPPMessage, Q as OCPPMethodMap, U as OCPPProtocolKey, W as RedisAdapter, X as SecurityProfile, Y as SessionData, Z as TLSOptions, _ as WildcardHandler, $ as createValidator } from './index-BixJj_yJ.mjs';
+import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as TLSOptions, o as CloseOptions, p as CallOptions, V as Validator } from './index-1QBeqAuc.mjs';
+export { q as AnyOCPPProtocol, r as AuthAccept, s as CallHandler, t as ClientEvents, u as ClientOptions, v as ConnectionContext, w as ConnectionState, H as HandlerContext, x as HandshakeInfo, y as MessageType, z as MiddlewareNext, B as MiddlewareStack, N as NOREPLY, D as OCPP16Methods, F as OCPP201Methods, G as OCPP21Methods, I as OCPPCall, J as OCPPCallError, K as OCPPCallResult, P as OCPPClient, Q as OCPPMessage, U as OCPPMethodMap, W as OCPPProtocolKey, X as RedisAdapter, Y as SecurityProfile, Z as SessionData, _ as WildcardHandler, $ as createValidator } from './index-1QBeqAuc.mjs';
 import { Server, IncomingMessage } from 'node:http';
 import { Duplex } from 'node:stream';
 import 'ws';
@@ -28,6 +28,11 @@ declare class InMemoryAdapter implements EventAdapterInterface {
     getPresence(identity: string): Promise<string | null>;
     getPresenceBatch(identities: string[]): Promise<(string | null)[]>;
     removePresence(identity: string): Promise<void>;
+    setPresenceBatch(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
 }
 /**
  * Helper function to create a custom EventAdapter without needing to define a rigid Class.
@@ -160,6 +165,38 @@ declare function combineAuth(...cbs: AuthCallback[]): AuthCallback;
  */
 declare function createLoggingMiddleware(logger: LoggerLike, identity: string, config?: LoggingConfig | boolean): MiddlewareFunction<MiddlewareContext, any>;
 
+/**
+ * LRUMap — A zero-dependency, drop-in Map replacement with a maximum capacity.
+ *
+ * Evicts the **least recently used** entry when the capacity is exceeded.
+ * Uses native Map insertion-order semantics for O(1) LRU tracking
+ * (delete + re-insert moves a key to the "most recent" end).
+ *
+ * @remarks
+ * This is used by OCPPServer to bound the `_sessions` map and prevent OOM under
+ * DDoS or reconnection storms with transient identities.
+ */
+declare class LRUMap<K, V> extends Map<K, V> {
+    private _maxSize;
+    constructor(maxSize: number);
+    /**
+     * Returns the configured maximum capacity of this LRU cache.
+     */
+    get maxSize(): number;
+    /**
+     * Sets a key-value pair. If the key already exists, it is promoted to the
+     * most-recently-used position. If inserting a new key would exceed capacity,
+     * the oldest (least-recently-used) entry is evicted.
+     */
+    set(key: K, value: V): this;
+    /**
+     * Gets a value by key and promotes it to the most-recently-used position.
+     * Uses `this.has(key)` instead of a value truthiness check to correctly
+     * handle stored values of `undefined`, `null`, `0`, `""`, etc.
+     */
+    get(key: K): V | undefined;
+}
+
 /**
  * Compiled regex pattern for RegExp-based route fallback.
  * Only used when a user registers a RegExp pattern (not string patterns).
@@ -280,6 +317,7 @@ declare class OCPPServer extends OCPPServer_base {
     private _httpServerAbortControllers;
     private _logger;
     private _globalCORS?;
+    private _connectionBuckets;
     private readonly _nodeId;
     private _sessions;
     private _gcInterval;
@@ -361,6 +399,28 @@ declare class OCPPServer extends OCPPServer_base {
      */
     private _registerRouter;
     listen(port?: number, host?: string, options?: ListenOptions): Promise<Server>;
+    /**
+     * Hot-reloads the TLS certificate on all active HTTPS servers without
+     * dropping any existing WebSocket connections.
+     *
+     * **When to use:** Call this whenever your TLS certificate is renewed —
+     * for example, after a Let's Encrypt auto-renewal (every ~90 days).
+     * Without this, you would need to restart the Node.js process to pick up
+     * the new certificate, disconnecting all connected charging stations.
+     *
+     * **How to use:**
+     * ```ts
+     * server.updateTLS({ cert: newCert, key: newKey });
+     * ```
+     *
+     * **Optional:** Only relevant if you are terminating TLS directly in Node.js
+     * (i.e. `SecurityProfile.TLS_BASIC_AUTH` or `TLS_CLIENT_CERT`). If you are
+     * running behind a reverse proxy (Nginx, AWS ALB, etc.) that handles TLS,
+     * you do not need this method — just rotate the cert on the proxy.
+     *
+     * @throws If the server is not using a TLS Security Profile.
+     */
+    updateTLS(tlsOpts: TLSOptions): void;
     get handleUpgrade(): (req: IncomingMessage, socket: Duplex, head: Buffer) => Promise<void>;
     /**
      * Core upgrade handler. Follows a strict pipeline:
@@ -418,11 +478,7 @@ declare class OCPPServer extends OCPPServer_base {
     broadcastBatch<V extends AllMethodNames<any>>(identities: string[], method: V, params: OCPPRequestType<any, V>, options?: CallOptions): Promise<void>;
 }
 
-/**
- * Pre-built validators for all supported OCPP protocol versions.
- * These are automatically registered when strict mode is enabled.
- */
-declare const standardValidators: Validator[];
+declare function getStandardValidators(): Validator[];
 
 /**
  * Instantiate a typed RPCError from a string error code.
@@ -446,4 +502,4 @@ declare function getErrorPlainObject(err: Error): Record<string, unknown>;
  */
 declare function getPackageIdent(): string;
 
-export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, standardValidators };
+export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, LRUMap, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TLSOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, getStandardValidators };